I told you earlier this week about the massive flaw in iPad and iPhone security, and now Apple is taking the stage to defend itself.
A quick recap on how the Masque Attack works. Once an app is installed on your iOS gadget, your phone treats any app with the same name and digital signature as if it were the same app. Normally, your phone would confirm that something called a "certificate" proved that an update to an app was created by the same developer as the app that it's replacing.
The security researchers call attacks exploiting this vulnerability a Masque Attack because all iOS gadgets are vulnerable to malware-infected apps "masking" themselves as something that they're not.
After you give the developer a free pass by saying that you trust the app, they can use the malware they've just installed to hijack your phone and spam others or steal your information. But Apple has another side to the story.
Apple is pretty clear about how easy it is to keep Masque at bay.
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson said. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."
When you install third-party apps, you're giving Masque a chance to take over your smartphone. A popup will appear on your iPhone or iPad asking if you trust the developer. If you click "Trust," you're potentially giving Masque an open door to insert malware into your gadget.
So, unless you're giving everyone a free pass with the "Trust" popup, your iPhone or iPad is secure. The security systems built in to iOS and OS X are fairly hefty, and paying attention to them could save your phone and your personal information.